CN112069472A

Movatterモバイル変換

Info

Publication number: CN112069472A
Application number: CN202010717428.3A
Authority: CN
Inventors: 春意; 邓建民; 孙晶; 麻磊; 王龙; 杨银占; 赵妍; 万婧昕; 任艳方; 赵立先; 刘之源
Original assignee: China Academy of Railway Sciences Corp Ltd CARS; Institute of Computing Technologies of CARS; Beijing Jingwei Information Technology Co Ltd
Current assignee: China Academy of Railway Sciences Corp Ltd CARS; Institute of Computing Technologies of CARS; Beijing Jingwei Information Technology Co Ltd
Priority date: 2020-07-23
Filing date: 2020-07-23
Publication date: 2020-12-11

Abstract

Translated fromChinese

本发明实施例提供一种用户登录认证方法及系统，该方法包括：获取前端输入的密码原文；将所述密码原文进行第一正向加密处理，得到第一加密密文；将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；对所述初始解密结果进行第二正向加密处理，得到第二加密密文；将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。本发明实施例通过在用户登录系统过程中实现二次加密，加密后密码为不可逆，且同一密码加密结果不同，但仍能匹配成功，多次加密过程保障了系统的登录安全。

Embodiments of the present invention provide a user login authentication method and system. The method includes: obtaining the original text of a password input by a front end; performing a first forward encryption process on the original text of the password to obtain a first encrypted cipher text; The encrypted ciphertext is transmitted to the back end, and reverse decryption processing is performed on the first encrypted ciphertext to obtain an initial decryption result; second forward encryption processing is performed on the initial decryption result to obtain a second encrypted ciphertext; The second encrypted ciphertext is matched with the preset password library to obtain a final decryption result. The embodiment of the present invention implements secondary encryption in the process of user login to the system, the encrypted password is irreversible, and the encryption results of the same password are different, but the matching can still be successful, and the multiple encryption process ensures the security of the system login.

Description

Translated fromChinese

一种用户登录认证方法及系统A user login authentication method and system

技术领域technical field

本发明涉及信息安全技术领域，尤其涉及一种用户登录认证方法及系统。The invention relates to the technical field of information security, in particular to a user login authentication method and system.

背景技术Background technique

在常用的登录系统中，例如铁路系统登录时一般使用前台加密，或者后台加密来进行安全保障，此时加密后的值为固定，且和后台的数据库相对应，如果被其他人截取到传递过程中的信息，哪怕是加密后的信息，也同样可以跟数据库进行对应，导致安全性不足。In common login systems, such as railway system login, foreground encryption or background encryption is generally used for security protection. At this time, the encrypted value is fixed and corresponds to the database in the background. The information in the database, even the encrypted information, can also correspond to the database, resulting in insufficient security.

在现有的登录认证过程中，存在着加密方式单一，容易被破解，并且密码和数据库一一对应，一旦发生数据泄露，能轻易地根据用户和密码登录系统等缺陷。In the existing login authentication process, there are defects such as single encryption method, easy to be cracked, and one-to-one correspondence between passwords and databases.

因此，需要提出一种新的用户登录认证方法，用以解决上述不足。Therefore, there is a need to propose a new user login authentication method to solve the above deficiencies.

发明内容SUMMARY OF THE INVENTION

本发明实施例提供一种用户登录认证方法及系统，用以解决现有技术中在系统登录时采用固定的加密值导致安全性不足的缺陷。Embodiments of the present invention provide a user login authentication method and system, which are used to solve the defect of insufficient security caused by using a fixed encryption value during system login in the prior art.

第一方面，本发明实施例提供一种用户登录认证方法，包括：In a first aspect, an embodiment of the present invention provides a user login authentication method, including:

获取前端输入的密码原文；Get the original text of the password entered at the front end;

将所述密码原文进行第一正向加密处理，得到第一加密密文；Performing a first forward encryption process on the original cipher text to obtain a first encrypted ciphertext;

将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；transmitting the first encrypted ciphertext to the back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result;

对所述初始解密结果进行第二正向加密处理，得到第二加密密文；performing a second forward encryption process on the initial decryption result to obtain a second encrypted ciphertext;

将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。Matching the second encrypted ciphertext with a preset cipher library to obtain a final decryption result.

进一步地，所述第一正向加密处理包括加密操作和转码操作。Further, the first forward encryption process includes an encryption operation and a transcoding operation.

进一步地，所述逆向解密处理包括解码操作和解密操作。Further, the reverse decryption process includes a decoding operation and a decrypting operation.

进一步地，所述第二正向加密处理包括通过SHA-256算法和随机盐算法处理，以及添加密钥操作。Further, the second forward encryption processing includes processing through SHA-256 algorithm and random salt algorithm, and adding a key operation.

进一步地，所述SHA-256算法为不可逆的Hash算法。Further, the SHA-256 algorithm is an irreversible Hash algorithm.

进一步地，所述第一加密密文与所述第二加密密文不相同。Further, the first encrypted ciphertext is different from the second encrypted ciphertext.

进一步地，所述预设密码库是通过将加密密码存储在预设数据库中所得到的。Further, the preset password library is obtained by storing encrypted passwords in a preset database.

第二方面，本发明实施例还提供一种用户登录认证系统，包括：In a second aspect, an embodiment of the present invention further provides a user login authentication system, including:

获取模块，用于获取前端输入的密码原文；Get module, used to get the original text of the password input by the front end;

第一加密模块，用于将所述密码原文进行第一正向加密处理，得到第一加密密文；a first encryption module, configured to perform a first forward encryption process on the original cipher text to obtain a first encrypted ciphertext;

解密模块，用于将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；a decryption module, configured to transmit the first encrypted ciphertext to the back end, and perform reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result;

第二加密模块，用于对所述初始解密结果进行第二正向加密处理，得到第二加密密文；A second encryption module, configured to perform a second forward encryption process on the initial decryption result to obtain a second encrypted ciphertext;

匹配模块，用于将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。A matching module, configured to match the second encrypted ciphertext with a preset cipher library to obtain a final decryption result.

第三方面，本发明实施例还提供一种电子设备，包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序，所述处理器执行所述程序时实现如上述任一种所述用户登录认证方法的步骤。In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, wherein the processor implements any of the above-mentioned programs when executing the program. the steps of the user login authentication method.

第四方面，本发明实施例还提供一种非暂态计算机可读存储介质，其上存储有计算机程序，该计算机程序被处理器执行时实现如上述任一种所述用户登录认证方法的步骤。In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of any one of the above-mentioned user login authentication methods .

本发明实施例提供的用户登录认证方法及系统，通过在用户登录系统过程中实现二次加密，加密后密码为不可逆，且同一密码加密结果不同，但仍能匹配成功，多次加密过程保障了系统的登录安全。The user login authentication method and system provided by the embodiments of the present invention realize secondary encryption in the process of user login to the system. After encryption, the password is irreversible, and the encryption results of the same password are different, but they can still be successfully matched. Multiple encryption processes ensure that System login security.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍，显而易见地，下面描述中的附图是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.

图1是本发明实施例提供的一种用户登录认证方法的流程示意图；1 is a schematic flowchart of a user login authentication method provided by an embodiment of the present invention;

图2是本发明实施例提供的一种用户登录认证系统的结构示意图；2 is a schematic structural diagram of a user login authentication system provided by an embodiment of the present invention;

图3是本发明实施例提供的一种电子设备的结构示意图。FIG. 3 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚，下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments These are some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

针对现有技术存在的问题，本发明实施例通过提出一种新的用户登录认证方法，该方法能保护用户的登录安全，保障密码的安全性，同时数据库中存储的是加密后的密码，更加安全，即使出现特殊情况导致数据泄露，也无法用加密后的密码登录系统。In view of the problems existing in the prior art, the embodiment of the present invention proposes a new user login authentication method, which can protect the user's login security and ensure the security of the password. Meanwhile, the encrypted password is stored in the database. Security, even if special circumstances lead to data leakage, the encrypted password cannot be used to log in to the system.

图1是本发明实施例提供的一种用户登录认证方法的流程示意图，如图1所示，包括：FIG. 1 is a schematic flowchart of a user login authentication method provided by an embodiment of the present invention, as shown in FIG. 1 , including:

S1，获取前端输入的密码原文；S1, get the original text of the password entered by the front end;

S2，将所述密码原文进行第一正向加密处理，得到第一加密密文；S2, performing a first forward encryption process on the original text of the cipher to obtain a first encrypted ciphertext;

S3，将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；S3, transmitting the first encrypted ciphertext to the back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result;

S4，对所述初始解密结果进行第二正向加密处理，得到第二加密密文；S4, performing a second forward encryption process on the initial decryption result to obtain a second encrypted ciphertext;

S5，将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。S5: Match the second encrypted ciphertext with a preset password library to obtain a final decryption result.

其中，所述第一正向加密处理包括加密操作和转码操作。Wherein, the first forward encryption process includes an encryption operation and a transcoding operation.

其中，所述逆向解密处理包括解码操作和解密操作。Wherein, the reverse decryption process includes a decoding operation and a decryption operation.

其中，所述第二正向加密处理包括通过SHA-256算法和随机盐算法处理，以及添加密钥操作。Wherein, the second forward encryption processing includes processing through SHA-256 algorithm and random salt algorithm, and adding a key operation.

其中，所述SHA-256算法为不可逆的Hash算法。The SHA-256 algorithm is an irreversible Hash algorithm.

其中，所述第一加密密文与所述第二加密密文不相同。Wherein, the first encrypted ciphertext is different from the second encrypted ciphertext.

其中，所述预设密码库是通过将加密密码存储在预设数据库中所得到的。Wherein, the preset password database is obtained by storing encrypted passwords in a preset database.

具体地，在登录系统前端输入登录密码原文，前台将该密码原文进行加密后再做转码处理；此处，使用的加密转码算法一般为常用的加密算法，例如：Specifically, input the original text of the login password at the front end of the login system, and the front desk encrypts the original text of the password before transcoding; here, the encryption and transcoding algorithms used are generally commonly used encryption algorithms, such as:

(1)MD5消息摘要算法(MD5 Message-Digest Algorithm)，一种被广泛使用的密码散列函数，可以产生出一个128位(16字节)的散列值(hash value)，用于确保信息传输完整一致，md5加密算法是不可逆的，所以解密一般都是通过暴力穷举方法，通过网站的接口实现解密；(1) MD5 Message-Digest Algorithm, a widely used cryptographic hash function that can generate a 128-bit (16-byte) hash value to ensure information The transmission is complete and consistent, and the md5 encryption algorithm is irreversible, so the decryption is generally achieved through the brute force method and the interface of the website;

(2)数据加密标准(Data Encryption Standard)，属于对称加密算法，DES是一个分组加密算法，典型的DES以64位为分组对数据加密，加密和解密用的是同一个算法，它的密钥长度是56位(因为每个第8位都用作奇偶校验)，密钥可以是任意的56位的数，而且可以任意时候改变；(2) Data Encryption Standard (Data Encryption Standard), which belongs to symmetric encryption algorithm, DES is a block encryption algorithm, typical DES encrypts data in 64-bit packets, and the same algorithm is used for encryption and decryption, and its key The length is 56 bits (because every 8th bit is used as a parity check), the key can be any 56-bit number, and it can be changed at any time;

(3)RSA(Rivest Shamir Adleman)加密算法是一种非对称加密算法，在公开密钥加密和电子商业中RSA被广泛使用，它被普遍认为是目前最优秀的公钥方案之一，RSA是第一个能同时用于加密和数字签名的算法，它能够抵抗到目前为止已知的所有密码攻击；(3) RSA (Rivest Shamir Adleman) encryption algorithm is an asymmetric encryption algorithm. RSA is widely used in public key encryption and electronic commerce. It is generally considered to be one of the best public key schemes at present. The first algorithm that can be used for both encryption and digital signatures, it is resistant to all cryptographic attacks known so far;

(4)高级加密标准(英语：Advanced Encryption Standard)，在密码学中又称Rijndael加密法，是美国联邦政府采用的一种区块加密标准，这个标准用来替代原先的DES，已经被多方分析且广为全世界所使用。(4) Advanced Encryption Standard (English: Advanced Encryption Standard), also known as Rijndael encryption method in cryptography, is a block encryption standard adopted by the US federal government. This standard is used to replace the original DES and has been analyzed by many parties. And widely used all over the world.

经过上述加密转码处理后，即得到第一加密密文，传输至后台，由后台再进行解码和解密处理，显然，该过程和第一次加密过程是正向和逆向的关系。After the above encryption and transcoding process, the first encrypted ciphertext is obtained, which is transmitted to the background, and then decoded and decrypted by the background. Obviously, this process and the first encryption process are in a forward and reverse relationship.

在解密出密码原文后，在后台进行第二次加密，此处，加密方法采用SHA-256+随机盐+密钥对密码进行加密。After decrypting the original text of the password, the second encryption is performed in the background. Here, the encryption method uses SHA-256 + random salt + key to encrypt the password.

SHA-256算法(Secure Hash Algorithm)即为安全哈希算法，为不可逆的，其中本发明实施例采用了256位长度的哈希值，属于SHA系列算法的一个延伸分支算法，哈希函数，又称散列算法，是一种从任何一种数据中创建小的数字“指纹”的方法。散列函数把消息或数据压缩成摘要，使得数据量变小，将数据的格式固定下来。该函数将数据打乱混合，重新创建一个叫做散列值(或哈希值)的指纹，散列值通常用一个短的随机字母和数字组成的字符串来代表，对于任意长度的消息，SHA256都会产生一个256bit长的哈希值，称作消息摘要。The SHA-256 algorithm (Secure Hash Algorithm) is a secure hash algorithm, which is irreversible, wherein the embodiment of the present invention adopts a hash value with a length of 256 bits, which belongs to an extended branch algorithm of the SHA series of algorithms, a hash function, and Called a hashing algorithm, it is a method of creating small digital "fingerprints" from any kind of data. The hash function compresses the message or data into a digest, making the amount of data smaller and fixing the format of the data. This function shuffles the data and recreates a fingerprint called a hash value (or hash value). The hash value is usually represented by a short string of random letters and numbers. For messages of arbitrary length, SHA256 Will generate a 256bit long hash value, called the message digest.

随机盐的概念为：首先具体到盐(Salt)，在密码学中，是指通过在密码任意固定位置插入特定的字符串，让散列后的结果和使用原始密码的散列结果不相符，这种过程称之为“加盐”；通常情况下，当字段经过散列处理(如MD5)，会生成一段散列值，而散列后的值一般是无法通过特定算法得到原始字段的。但是某些情况，比如一个大型的彩虹表，通过在表中搜索该MD5值，很有可能在极短的时间内找到该散列值对应的真实字段内容；加盐后的散列值，可以极大的降低由于用户数据被盗而带来的密码泄漏风险，即使通过彩虹表寻找到了散列后的数值所对应的原始内容，但是由于经过了加盐，插入的字符串扰乱了真正的密码，使得获得真实密码的概率大大降低；加盐的实现过程通常是在需要散列的字段的特定位置增加特定的字符，打乱原始的字符串，使其生成的散列结果产生变化。The concept of random salt is as follows: First, it is specific to the salt. In cryptography, it refers to inserting a specific string in any fixed position of the password, so that the hashed result does not match the hash result of the original password. This process is called "salting"; usually, when a field is hashed (such as MD5), a hash value is generated, and the hashed value is generally unable to obtain the original field through a specific algorithm. However, in some cases, such as a large rainbow table, by searching the MD5 value in the table, it is very possible to find the real field content corresponding to the hash value in a very short time; the hash value after salting can be Greatly reduce the risk of password leakage due to the theft of user data. Even if the original content corresponding to the hashed value is found through the rainbow table, the inserted string disturbs the real password due to salting. , so that the probability of obtaining the real password is greatly reduced; the implementation process of salting is usually to add specific characters in specific positions of the fields that need to be hashed, scramble the original strings, and change the generated hash results.

经过上述一系列的加密处理后，对于同一个密码，加密后每次输出的结果都是不一样的，但最终能和存储在数据库中的加密密码进行查询匹配并能匹配成功，数据库中密码存储的是加密后且不可解密的密文。After the above series of encryption processing, for the same password, the output result after encryption is different each time, but it can finally be queried and matched with the encrypted password stored in the database and can be successfully matched. The password stored in the database is the encrypted and undecipherable ciphertext.

本发明实施例通过在用户登录系统过程中实现二次加密，加密后密码为不可逆，且同一密码加密结果不同，但仍能匹配成功，多次加密过程保障了系统的登录安全。The embodiment of the present invention implements secondary encryption in the process of user login to the system. After encryption, the password is irreversible, and the encryption results of the same password are different, but the matching can still be successful. Multiple encryption processes ensure the security of system login.

下面对本发明实施例提供的用户登录认证系统进行描述，下文描述的用户登录认证系统与上文描述的用户登录认证方法可相互对应参照。The following describes the user login authentication system provided by the embodiments of the present invention. The user login authentication system described below and the user login authentication method described above may refer to each other correspondingly.

图2是本发明实施例提供的一种用户登录认证系统的结构示意图，如图2所示，包括：获取模块21、第一加密模块22、解密模块23、第二加密模块24和匹配模块25；其中：FIG. 2 is a schematic structural diagram of a user login authentication system provided by an embodiment of the present invention. As shown in FIG. 2 , it includes: anacquisition module 21 , afirst encryption module 22 , adecryption module 23 , asecond encryption module 24 and amatching module 25 ;in:

获取模块21用于获取前端输入的密码原文；第一加密模块22用于将所述密码原文进行第一正向加密处理，得到第一加密密文；解密模块23用于将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；第二加密模块24用于对所述初始解密结果进行第二正向加密处理，得到第二加密密文；匹配模块25用于将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。The obtainingmodule 21 is used to obtain the original text of the password input by the front end; thefirst encryption module 22 is used to perform the first forward encryption processing on the original text of the password to obtain the first encrypted ciphertext; thedecryption module 23 is used to encrypt the first encrypted text The ciphertext is transmitted to the back end, and the first encrypted ciphertext is subjected to reverse decryption processing to obtain an initial decryption result; thesecond encryption module 24 is configured to perform second forward encryption processing on the initial decryption result to obtain a second encrypted Ciphertext; thematching module 25 is configured to match the second encrypted ciphertext with a preset password library to obtain a final decryption result.

图3示例了一种电子设备的实体结构示意图，如图3所示，该电子设备可以包括：处理器(processor)310、通信接口(Communications Interface)320、存储器(memory)330和通信总线340，其中，处理器310，通信接口320，存储器330通过通信总线340完成相互间的通信。处理器310可以调用存储器330中的逻辑指令，以执行用户登录认证方法，该方法包括：获取前端输入的密码原文；将所述密码原文进行第一正向加密处理，得到第一加密密文；将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；对所述初始解密结果进行第二正向加密处理，得到第二加密密文；将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。FIG. 3 illustrates a schematic diagram of the physical structure of an electronic device. As shown in FIG. 3 , the electronic device may include: a processor (processor) 310, a communication interface (Communications Interface) 320, a memory (memory) 330 and acommunication bus 340, Theprocessor 310 , thecommunication interface 320 , and thememory 330 communicate with each other through thecommunication bus 340 . Theprocessor 310 can call the logic instruction in thememory 330 to execute the user login authentication method, the method includes: obtaining the original password inputted by the front end; performing a first forward encryption process on the original password to obtain the first encrypted ciphertext; The first encrypted ciphertext is transmitted to the back end, and reverse decryption processing is performed on the first encrypted ciphertext to obtain an initial decryption result; the second forward encryption processing is performed on the initial decryption result to obtain a second encrypted ciphertext. text; match the second encrypted cipher text with the preset password library to obtain the final decryption result.

此外，上述的存储器330中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时，可以存储在一个计算机可读取存储介质中。基于这样的理解，本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来，该计算机软件产品存储在一个存储介质中，包括若干指令用以使得一台计算机设备(可以是个人计算机，服务器，或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括：U盘、移动硬盘、只读存储器(ROM，Read-Only Memory)、随机存取存储器(RAM，Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。In addition, the above-mentioned logic instructions in thememory 330 may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as an independent product. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product in essence, or the part that contributes to the prior art or the part of the technical solution. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .

另一方面，本发明实施例还提供一种计算机程序产品，所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算机程序，所述计算机程序包括程序指令，当所述程序指令被计算机执行时，计算机能够执行上述各方法实施例所提供的用户登录认证方法，该方法包括：获取前端输入的密码原文；将所述密码原文进行第一正向加密处理，得到第一加密密文；将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；对所述初始解密结果进行第二正向加密处理，得到第二加密密文；将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。On the other hand, an embodiment of the present invention also provides a computer program product, the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, the computer program includes program instructions, when the program instructions When executed by a computer, the computer can execute the user login authentication method provided by the above method embodiments. The method includes: obtaining the original password inputted by the front end; performing a first forward encryption process on the original password to obtain a first encrypted password. transmitting the first encrypted ciphertext to the back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result; performing a second forward encryption processing on the initial decryption result to obtain a second Encrypting the ciphertext; matching the second encrypted ciphertext with a preset cipher library to obtain a final decryption result.

又一方面，本发明实施例还提供一种非暂态计算机可读存储介质，其上存储有计算机程序，该计算机程序被处理器执行时实现以执行上述各实施例提供的用户登录认证方法，该方法包括：获取前端输入的密码原文；将所述密码原文进行第一正向加密处理，得到第一加密密文；将所述第一加密密文传输至后端，对所述第一加密密文进行逆向解密处理，得到初始解密结果；对所述初始解密结果进行第二正向加密处理，得到第二加密密文；将所述第二加密密文与预设密码库进行匹配，得到最终解密结果。In another aspect, the embodiments of the present invention further provide a non-transitory computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, is implemented to execute the user login authentication method provided by the above embodiments, The method includes: acquiring the original text of the password input by the front end; performing a first forward encryption process on the original text of the password to obtain a first encrypted cipher text; transmitting the first encrypted cipher text to the back end, and encrypting the first encrypted text Perform reverse decryption processing on the ciphertext to obtain an initial decryption result; perform second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext; match the second encrypted ciphertext with a preset password library to obtain The final decryption result.

以上所描述的装置实施例仅仅是示意性的，其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下，即可以理解并实施。The device embodiments described above are only illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

通过以上的实施方式的描述，本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现，当然也可以通过硬件。基于这样的理解，上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来，该计算机软件产品可以存储在计算机可读存储介质中，如ROM/RAM、磁碟、光盘等，包括若干指令用以使得一台计算机设备(可以是个人计算机，服务器，或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic A disc, an optical disc, etc., includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments or some parts of the embodiments.

最后应说明的是：以上实施例仅用以说明本发明的技术方案，而非对其限制；尽管参照前述实施例对本发明进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that it can still be The technical solutions described in the foregoing embodiments are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

Translated fromChinese

1.一种用户登录认证方法，其特征在于，包括：1. a user login authentication method, is characterized in that, comprises:

2.根据权利要求1所述的用户登录认证方法，其特征在于，所述第一正向加密处理包括加密操作和转码操作。2 . The user login authentication method according to claim 1 , wherein the first forward encryption process includes an encryption operation and a transcoding operation. 3 .

3.根据权利要求1所述的用户登录认证方法，其特征在于，所述逆向解密处理包括解码操作和解密操作。3 . The user login authentication method according to claim 1 , wherein the reverse decryption processing includes a decoding operation and a decrypting operation. 4 .

4.根据权利要求1所述的用户登录认证方法，其特征在于，所述第二正向加密处理包括通过SHA-256算法和随机盐算法处理，以及添加密钥操作。4 . The user login authentication method according to claim 1 , wherein the second forward encryption processing comprises processing through SHA-256 algorithm and random salt algorithm, and an operation of adding a key. 5 .

5.根据权利要求4所述的用户登录认证方法，其特征在于，所述SHA-256算法为不可逆的Hash算法。5. The user login authentication method according to claim 4, wherein the SHA-256 algorithm is an irreversible Hash algorithm.

6.根据权利要求1所述的用户登录认证方法，其特征在于，所述第一加密密文与所述第二加密密文不相同。6 . The user login authentication method according to claim 1 , wherein the first encrypted ciphertext is different from the second encrypted ciphertext. 7 .

7.根据权利要求1至6中任一权利要求所述的用户登录认证方法，其特征在于，所述预设密码库是通过将加密密码存储在预设数据库中所得到的。7 . The user login authentication method according to claim 1 , wherein the preset password database is obtained by storing encrypted passwords in a preset database. 8 .

8.一种用户登录认证系统，其特征在于，包括：8. A user login authentication system, comprising:

9.一种电子设备，包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序，其特征在于，所述处理器执行所述程序时实现如权利要求1至7任一项所述用户登录认证方法的步骤。9. An electronic device, comprising a memory, a processor and a computer program stored on the memory and running on the processor, wherein the processor implements any one of claims 1 to 7 when the processor executes the program The steps of the user login authentication method described in item .

10.一种非暂态计算机可读存储介质，其上存储有计算机程序，其特征在于，该计算机程序被处理器执行时实现如权利要求1至7任一项所述用户登录认证方法的步骤。10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the steps of the user login authentication method according to any one of claims 1 to 7 are implemented .